Changeset d6834e0 in mod_gnutls for include


Ignore:
Timestamp:
Jun 10, 2016, 9:34:08 AM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
15b22cb
Parents:
aa68232
git-author:
Thomas Klute <thomas2.klute@…> (06/10/16 09:29:57)
git-committer:
Thomas Klute <thomas2.klute@…> (06/10/16 09:34:08)
Message:

OCSP refresh mutex: Prevent parallel requests

Add a global mutex which a thread must hold before updating a cached
OCSP response. This avoids two threads updating the same response in
parallel. The impact of parallel updates may be small with the
experimental file-based mechanism, but an extra OCSP request over HTTP
would add a lot of overhead.

Note that the new 'gnutls-ocsp' mutex is a global mutex, not one per
virtual host, because a mutex must be registered in pre_config for the
Mutex directive to work.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • include/mod_gnutls.h.in

    raa68232 rd6834e0  
    215215     * unset. */
    216216    apr_uri_t *ocsp_uri;
     217    /* Mutex to prevent parallel OCSP requests */
     218    apr_global_mutex_t *ocsp_mutex;
    217219    /* Trust list to verify OCSP responses for stapling. Should
    218220     * usually only contain the CA that signed the server
Note: See TracChangeset for help on using the changeset viewer.